Category FILE
Started On 2014-07-15 05:28:04
Completed On 2014-07-15 05:30:41
Duration 157 seconds
Cuckoo Version 1.2-dev

Machine machine4
Label xpmachine4
Manager VirtualBox
Started On 2014-07-15 05:28:04
Shutdown On 2014-07-15 05:30:41

File Details

File name report_order_87238947239847289374289.exe
File size 51444 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 0B1C566D
MD5 bed56c6a875c092377f0e67bdb3cadf4
SHA1 82909ecc9bbb77a79520c95940eb58ab611b90c9
SHA256 f006b5b0ff6d1008f6bed8ece89580da42826e1264d795bf16aa0bf6448bab1e
SHA512 1f1241076b60e2a8c6e3f14c2fb7a304716a83bd886d2ae1d56858ea3a052a3582d007aa077f0025a53eec83710732efd77b5384f6bb6dd3b89f614a0ce75dc3
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Scan Date 2014-07-15 09:20:27
VirusTotal Detection Rate 3/53

Signatures

File has been identified by at least one AntiVirus on VirusTotal as malicious
Installs itself for autorun at Windows startup

Static Analysis

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\TDW\LOCALS~1\Temp\report_order_87238947239847289374289.exe
  • C:\WINDOWS\WINHELP.INI
  • C:\
Mutexes
  • Nothing to display.
Registry Keys
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk\Enum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Processes

report_order_87238947239847289374289.exe PID: 968, Parent PID: 384

report_order_87238947239847289374289.exe PID: 996, Parent PID: 968

Volatility

Nothing to display.